ZDX

  1. Zscaler Digital Experience
    1. Probe
    2. Score
    3. Alerts
    4. Y-Engine

Zscaler Digital Experience

  • components
    • telemetry and policy gateway (TPG)
    • ZDX analytics
    • central authority (CA)
  • first authentication (authC) goes to ZIA to get policies from Mobile admin
    • if ZIA tenant does not exist, dummy tenant is created

Probe

  • web probe
    • metrics
      • page fetch time
        • top-level page only
        • caching
          • avoids DDoS-ing the app
          • done by ZIA service edge
      • DNS time
      • server response time
      • availability
    • X-UPM-INFO identifies traffic as a probe to ZIA, i.e. SSL inspection is enforced even if there is no policy
  • CloudPath
    • ≈ traceroute
      • hop count
      • packet loss
      • latency
      • jitter
    • signature in payload identifies traffic as probe to ZIA
    • tunnels are identified by reverse traceroute from service edge to tunnel headend
    • UDP, TCP, ICMP
  • Deep Tracing
    • 5-60 mins
    • probes are launched every minute
    • advanced and M365 license
  • MaxMind integration
  • 30 probes per org

Score

  • mean over lowest values (per user, app, location) within 1h
  • probe every 5 mins (advanced license) / 15 mins (standard license)
  • smooth score: moving average over past 30 minutes
  • baseline and thresholds are calculated over 7 days (rolling window)
  • UCaaS score
    • MOS
    • latency
    • jitter
    • loss: average, max

Alerts

  • types
    • network
    • device
    • application
    • ZDX score

Y-Engine

  • automated RCA: correlation of data
  • can compare two points in time